Snakeoil Crypto: Twitter Claims Bulletproof Encrypted Messaging Rollout

grarpamp grarpamp at gmail.com
Sat May 13 13:48:03 PDT 2023


If it's not end-to-end crypto done using crypto code that is not
also provided by the messaging service, it's not bulletproof.
All that any of these services, or the State and or actors that
rubberhose and or crack them or mole them out, need to do
is to backdoor the code your browser downloads from them.
At that point you're fucked.

https://help.twitter.com/en/using-twitter/encrypted-direct-messages
https://twitter.com/foaddabiri/status/1654856617723301888
https://twitter.com/elonmusk/status/1655971825665409024

Musk Launches Twitter's New Encrypted Messaging,
But With Big Caveat: "Don't Trust It Yet"

https://www.theepochtimes.com/musk-launches-twitters-new-encrypted-messaging-but-with-big-caveat-dont-trust-it-yet_5257929.html

Elon Musk on Thursday announced the official launch of Twitter’s new
encrypted direct messaging (DM) function, urging users to give it a
try, but warning that the encryption feature in the early version
should not be trusted.

“Early version of encrypted direct messages just launched,” Musk
stated in a Thursday tweet. “Try it, but don’t trust it yet.”

Direct messages sent on Twitter will be encrypted end-to-end, meaning
that private messages can only be read by the sender and recipient.

Musk stated in an earlier post on Wednesday that the sophistication of
the encryption feature will grow “rapidly” following the launch of the
preliminary version. “The acid test is that I could not see your DMs
even if there was a gun to my head,” he said.

With the rollout now official, Twitter joins other platforms like
Signal and WhatsApp in providing users with an encrypted messaging
service, though not all Twitter users will have access to it—at least
for now.

Twitter stated in a post on its support site that the encryption
feature is only available to people who pay for Twitter Blue or are
affiliated with a verified Twitter account. Only messages containing
text and links are encrypted, while media and other attachments are
not yet supported.

    Early version of encrypted direct messages just launched.

    Try it, but don’t trust it yet.
    — Elon Musk (@elonmusk) May 11, 2023

Reactions to encrypted messages are also encrypted, but metadata—which
includes the recipient as well as the creation time—are not. While
links themselves are encrypted, the linked content isn’t.

Eligible users who want to send encrypted messages on Twitter will see
a toggle after clicking on the message icon, allowing them to activate
“encrypted” mode. They can then select another eligible recipient, and
clicking “send” will dispatch an encrypted message.

Alternatively, eligible Twitter users can send encrypted messages
though the conversation settings page of an unencrypted conversation
in their inbox. After tapping the information icon, they can select
the “start an encrypted message” option. Encrypted conversations will
be differentiated from unencrypted ones through a lock icon badge.

“As Elon Musk said, when it comes to direct messages, the standard
should be, if someone puts a gun to our heads, we still can’t access
your messages. We’re not quite there yet, but we’re working on it,”
Twitter said on the support page, reinforcing Musk’s warning not to
trust the encryption feature to protect sensitive information—yet.

“Twitter seeks to be the most trusted platform on the internet, and
encrypted direct messages are an important part of that,” the support
page states.

Musk revealed last year that he has plans to roll out a “Twitter 2.0
The Everything App,” which he said would combine encrypted direct
messages, long-form tweets, and payments.

In March, Musk merged Twitter with a shell firm called X Corp., which he owns.
WhatsApp ‘Cannot Be Trusted’

In a Twitter post on Tuesday, Musk took aim at WhatsApp, telling
Twitter users that the service “cannot be trusted.”

Musk was responding to a post from Twitter engineer Foad Dabiri, who
claimed that his WhatsApp application was constantly switching on the
microphone, even while he was sleeping.

Dabiri shared a screenshot of his device’s microphone usage, which
showed that it had been switched on nine times between 4:20 a.m. and
6:53 a.m. while he was asleep, at one point appearing to record him
for nearly 30 minutes.

Replying to Dabiri’s post, Gannon Breslin, CEO of The Drop NFT Media
Inc., wrote, “It’s incredible how many people don’t realize that
WhatsApp is owned by Meta/Facebook.”

Facebook purchased WhatsApp in 2014 for $16 billion.

Musk replied: “Yeah. Or that WhatsApp founders left Meta/Facebook in
disgust, started #deletefacebook campaign and made major contributions
to building Signal. What they learned about Facebook and changes to
WhatsApp obviously disturbed them greatly.”

WhatsApp swiftly dismissed Dabiri’s claim, stating that users of the
messaging service “have full control over their mic settings.”

“Over the last 24 hours, we’ve been in touch with a Twitter engineer
who posted an issue with his Pixel phone and WhatsApp,” WhatsApp said
on its official Twitter account.

“We believe this is a bug on Android that mis-attributes information
in their Privacy Dashboard and have asked Google to investigate and
remediate.”

“Users have full control over their mic settings. Once granted
permission, WhatsApp only accesses the mic when a user is making a
call or recording a voice note or video—and even then, these
communications are protected by end-to-end encryption so WhatsApp
cannot hear them,” it added.


More information about the cypherpunks mailing list